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PERFORMING OPERATING SYSTEM RECOVERY FROM EXTERNAL 
BACK-UP MEDIA IN A HEADLESS COMPUTER ENTITY 

Field qf the Invention 

The present invention relates to the field of computers, particularly although 
not exclusively, to a method for implementing back-up of an operating system to 
a computer entity. 

Background to the Invention 

Headless computer entities, also known as "headless appliances" are 
known in the art. A known headless computer entity comprises a data-processor, 
memory, a plurality on input\output ports or the like, and an operating system. 
Headless appliances are generally designed without user interfaces, and lack a 
keyboard, pointing device e.g. mouse or track ball, and visual display monitor. 
This has the advantages both of reducing the cost of ownership , since the cost 
of a user interface hardware need not be borne by the purchaser, and also 
inhibiting interference with the operation of the appliance. 

In a headless computer entity, human administrators are conventionally 
allowed only very limited access to the computer entity for maintenance, or in 
some cases no user maintenance is permitted. To safeguard against theft or loss 
of the computer entity involving loss of data, optionally a computer entity may 
have a back-up device, for example a tape back-up device such as DDS (Digital 
Data Storage) format back-up device. A back-up copy of an operating system of 
the computer entity may be made to the tape back-up device. 

In a conventional computer entity where an operating system runs from a 
data storage device e.g. a hard disk, having re-write capability as opposed to 
read only memory, then there is a potential problem with backing up an operating 
system of the device onto a back-up medium e.g. tape, to provide for recovery of 
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the computer entity after an operating system malfunction of "creeping corruption" 
of the back-up data, in particular, where an operating system fails gradually over 
a period of time, and back-up copies are made onto a separate back-up data 
storage medium, e.g. tape, periodically throughout the gradual period of 
5 operating system failure, then the operating system which is being backed up 
onto the back-up data storage medium is a corrupted or gradually corrupted 
version of the operating system. Under conditions of operating system failure on 
the computer entity, the back-up copy of the operating system must be relied on 
to restore the corrupted operating system. However, if the operating system 
IB stored on the back-up medium is itself corrupted, or in a partially corrupted state 
immediately prior to failure, then there is no way of recovering the computer entity 
from an operating system failure using the back-up data storage media. 

Whilst the above problem exists both for conventional computer entities 
Wf having a visual display and keyboard user interface, and for headless computer 

entities having a user interface, the problem is less acute for conventional 
%J computer entities, because the operating system can be reloaded from an 
r original CD ROM data carrier, using the user interface. However, for headless 

computer entities, because there is no user interface provided, the problem is 
20 more severe. 

Summary of the Invention 

According to a specific implementation of the present invention, there are 
provided at least two copies of an operating system in a computer entity stored in 

2 5 a partitioned re-writable data storage device. A first (primary) copy of the 
operating system is used to actively control the computer entity. A secondary, 
copy of the operating system is used to operate the computer entity under 
conditions of failure or maintenance of the primary operating system. A further 
third copy of the primary operating system is stored on an operating system back- 

30 up partition of a re-writable data storage device, for example a disk drive or RAID 
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array. The third copy of the operating system, is maintained as a pristine 
uncorrupted copy of the operating system, in its original manufactured state after 
installation into the computer entity. 



Additionally, there are stored archived application configuration settings in a 
separate application setting archive partition of the data storage device. 

When the operating system of the computer entity is backed up to an 
external data storage medium, for example a tape data storage medium for back- 
up purposes, the third copy of the operating system is backed up. Since the third 
copy of the operating system is known to be pristine and uncorrupted, and is not 
used for running the computer entity, there is maintained on the external back-up 
medium, a pristine uncorrupted copy of the operating system. 

Therefore, it can be guaranteed that an uncorrupted version of the 
operating system can be reloaded into the computer entity from the tape data 
storage medium after an operating system failure of the computer entity. 



This back-up copy is stored in addition to the first operating system used to 
run the computer entity, and the third operating system stored on the operating 
system back-up partition of the data storage device within the computer entity. 



Upon restoring an ope 
the operating system is re? 
data storage device within 
settings are restored to the 
originally loaded onto the 
computer entity then involve 
first data partition of the 
area of the data storage 



the 



data 



ating system from a back-up data storage medium, 
>red to the operating system back-up partition of the 
computer entity, and the application configuration 
user settings archive partition, from which they were 
back-up data storage medium. Rebooting the 
s rebuilding the first copy of the operating system in a 
storage device, from the operating system back-up 
ye, with application configuration settings of the first 
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copy operating system being rebuilt from the pristine copy application 
configuration settings stored in the user settings archive partition of the internal 
data storage device of the computer entity. 

In a specific method according to the present invention to restore an 
operating system from the back-up media, before the pristine third copy operating 
system in the operating system back-up partition is overwritten, during a restore 
from back-up data storage medium operation, the original third copy of the 
operating system within the internal data storage device is first transferred from 
the operating system back-up partition to a "scratch" area (a reserved space 
partition) of the internal data storage device as a precaution against failure of the 
back-up operation from the back-up data storage medium. If a restore operation 
to restore the operating system from the back-up data storage medium to the 
operating system back-up partition of the internal data storage device fails, then 
the original third copy operating system, which was in the operating system back- 
up partition can be restored from the scratch area of disk to which it has been 
copied. Without this facility, a failure during an operating system restore 
operation from a back-up data storage medium could result in a corrupted third 
copy of the operating system, stored in the operating system back-up partition. 
However, with this facility, any failure during the recovery operation from the back 
up media can result in the computer entity restoring to a known working 
configuration. 

The first copy of the operating system is not always overwritten during 
recovery from the back-up data storage medium. During a back-up operation, 
version checking is performed, to compare a version of operating system already 
stored on the internal data storage device of the computer entity, with a version of 
operating system stored on the back-up data storage medium. If the version on 
the back-up data storage medium is a same major version, but a lower minor 
version, then recovery from the back-up data storage medium will overwrite the 
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third copy of the operating system stored in the operating system back-up 
partition. If an operating system version stored on the internal data storage 
device has a same major version, but a more recent minor version, then the 
back-up data storage medium will not restore the third copy operating system, 
since the third copy operating system stored in the operating system back-up 
partition is a more recent version than that stored on the back-up data storage 
medium. 

According to a first aspect of the present invention there is provided a 
method of performing a recovery operation of an operating system for a computer 
entity, said computer entity comprising: 

at least one data processor and 

at least one data storage device, wherein said data storage device is 
configured into a plurality of partition areas; 

said method comprising the steps of: 

copying a back-up operating system from a back-up source onto a 
operating system back-up area partition which is not used for direct running of an 
operating system by said computer entity; 

copying a user settings data from said back-up source to a user settings 
archive partition area of said data storage device; and 

resetting said computer entity. 

According to a second aspect of the present invention there is provided a 
method of storing a back-up operating system of a computer entity to a back-up 
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media, said computer entity comprising a pristine copy of an operating system 
stored in an operating system back-up area data partition of a data storage 
device, and a primary operating system stored in a primary operating system 
partition area of said data storage device; 

said method comprising: 

copying a plurality of operating system files in a pristine manufactured state 
from said operating system back up area data partition onto a back-up media; 
and 

copying a set of configuration settings from a user settings archive partition 
area of said data storage device to said back-up media. 

Brief Description of the Drawings 

For a better understanding of the invention and to show how the same may 
be carried into effect, there will now be described by way of example only, 
specific embodiments, methods and processes according to the present 
invention with reference to the accompanying drawings in which: 

Fig. 1 illustrates schematically an external overview of a headless computer 
entity; 

Fig.2 illustrates schematically a hardware-firmware architecture of the 
headless computer entity of Fig. 1 ; 

Fig. 3 illustrates schematically a logical architecture for storage of operating 
systems within an internal data storage device of the computer entity of Fig. 1; 
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Fig. 4 illustrates schematically a data storage device partition of the 
computer entity of Fig. 1 ; 

Fig. 5 illustrates schematically logical components cooperating to perform a 
restore operation from a back-up data storage medium; 

Fig. 6 illustrates schematically steps carried out to create a back-up of an 
operating system, onto a back-up media; 

Fig. 7 illustrates schematically steps for initiating a recovery from a back-up 
data storage medium; 

Fig. 8 illustrates schematically an operation carried out by the computer 
entity for restoring an operating system from a back-up media; 

Fig. 9 illustrates schematically a procedure for alerting a user to errors in the 
restoration process of Fig. 8; 

Fig. 10 illustrates schematically a method earned out by the computer entity 
for performing a reset of the computer entity, with user data being preserved; 

Fig.1 1 illustrates schematically an overview of a process for checking a valid 
operating system update version on a back-up data storage medium; and 

Fig. 12 illustrates schematically a sub-routine of the operating system 
validity check process of Fig. 1 1, for checking a major operating system update. 

Detailed Description of the Best Mode for Carrying Out the Invention 

There will now be described by way of example the best mode 
contemplated by the inventors for carrying out the invention. In the following 
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description numerous specific details are set forth in order to provide a thorough 
understanding of the present invention. It will be apparent however, to one 
skilled in the art, that the present invention may be practiced without limitation to 
these specific details. In other instances, well known methods and structures 
5 have not been described in detail so as not to unnecessarily obscure the present 
invention. 

Referring to Fig. 1 herein there is illustrated schematically in perspective 
view a headless computer entity 100 comprising: a casing 101 containing a 
_io processor, memory, one or more data storage devices and one or more 
communications ports connectable to a local area network 102; a relatively small 
display screen, for example a liquid crystal (LCD) display 103 capable of giving 
limited status information for operations carried out by the computer entity, for 
example, POWER ON mode, a STAND BY mode, or other modes of operation; a 
: 15 data entry means 104, for example a CD ROM drive, and a back-up data storage 
* device port 105, for example a digital data storage (DDS) format tape streamer. 

A headless computer entity is not provided with a visual display monitor, 
pointing device e.g. mouse, or keyboard, or other direct user interface, and 
20 therefore is difficult for a human operator to interact with directly. In operation, 
the headless computer entity is intended to be self-managing and self- 
maintaining. Typically, a headless computer entity will provide a dedicated 
functionality within a network environment. Examples of headless computer 
entities include network attached storage devices. 

25 

Referring to Fig. 2 herein, there is illustrated schematically an architecture of 
hardware and firmware components of the headless computer entity 200. The 
entity 200 comprises one or more communications ports 201; one or more data 
processing devices 202 as are known in the art; a memory 203 associated with 
3 o the data processors); at least one data storage device 204, for example a hard 
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disk data storage device, or an array of a plurality of hard disk data storage 
devices; an administration interface 205; a small display, e.g. a liquid crystal 
display device 206; a plurality of operating systems 207 as will be described 
herein after; and one or a plurality of application programs 208 providing 
5 functionality to the headless computer appliance. 

Referring to Fig. 3 herein there is illustrated schematically an overview of 
operating system 207 within the computer entity. The operating system 207 is 
stored on a non-volatile data storage device, for example a hard disk drive, or a 
Ik> RAID array. The operating system 207 comprises a primary operating system 
'ii 300, which controls the computer entity under normal operation; an emergency 
operating system 301 which controls the computer entity at times when the 
!'* primary operating system 300 is incapable of running the computer entity, for 
III example during a failure of the primary operating system 300, or during an 
hiS upgrade or replacement of the primary operating system 300; and a copy of the 
:f I primary operating system, comprising a copy 303 of the code files comprising the 
%i primary operating system itself, and copies 304 of default data of the primary 
L operating system. 

20 After a failure of the computer entity primary operating system or if the 

primary operating system 300 is upgraded, or restored from a back-up data 
storage device, the primary operating system 300 is restored directly from the 
copy of the primary operating system files 303 and the default data of the primary 
operating system 304. 

25 

Referring to Fig. 4 herein, there is illustrated schematically a format of data 
storage device 204, upon which operating systems 207 are stored. The data 
storage device is partitioned into a logical data storage area 400 which is divided 
into a plurality of partitioned areas of partitions and sub-partitions according to the 
30 architecture shown. A main division into a primary partition 400 and a secondary 
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partition 402 is made. Within the primary partition are a plurality of sub partitions 
including a primary operating system system partition 403 (POSSP), containing a 
primary operating system of the computer entity; an emergency operating 
system partition 404 (EOSSP) containing an emergency operating system under 
5 which the computer entity operates under conditions where the primary operating 
system is inactive or is deactivated; an OEM partition 405; a primary operating 
system boot partition 406 (POSBP), from which the primary operating system is 
booted or rebooted; an emergency operating system boot partition 407 (EOSBP), 
from which the emergency operating system is booted; a primary data partition 
=j§o 408 (PDP) containing an SQL data base 409, and a plurality of binary large 
objects 410, (BLOBs); a user settings archive partition 411 (USAP); a reserved 
111 space partition 412 (RSP) typically having a capacity of the order of 4 gigabytes 
!Jj or more; and an operating system back up area 41 3 (OSBA) containing a back 
nl up copy of the primary operating system files 414. The secondary data partition 
1315 302 comprises a plurality of binary large objects 415. 

~= Referring to Fig. 5 herein, there is illustrated schematically an interaction 

p between a plurality of applications 208 and the operating systems 207, for 
carrying out a back-up operation to back-up a primary operating system of the 

20 computer entity, and a restore from back-up data storage medium to restore an 
operating system of the computer entity. Applications 208 comprise a web 
administration interface 500 over which a user can activate back-up data storage 
including back-up of an operating system to a back-up data storage device; a 
back-up media restore utility 501 for controlling restoration of back-up data 

2 5 including a back-up operating system from a back-up media; a primary operating 
system restore utility 502 for restoring a primary operating system; and a network 
provisioning component 503. 

In this specification the term "back-up media" is used to describe any type of 
30 back-up media which is removable from a computer entity and can be taken 
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away from the computer entity. Examples of back-up data storage media 
include tape data storage devices, writable CD ROM devices, ZIP® drives, 
SPARC® drives, removable hard disk drives (HDD) or the like. In the specific 
embodiment described herein, a tape back-up data storage device is used 
however, it will be understood by those skilled in the art that this device could be 
replaced by any suitable type of back-up data storage device. 

Referring to Fig. 6 herein there is illustrated schematically a back-up 
process for backing up the primary operating system of the computer entity onto 
a back-up data storage media. In step 601 , a copy of primary operating system 
files 414 stored in the operating system back-up area 413 are transferred on to 
the back-up media. Because the copy of the primary operating system files 414 
stored in the operating system back-up area is a pristine uncorrupted copy of the 
primary operating system and is different from the copy of the primary operating 
system stored in the primary operating system system partition 403 which is used 
to run the computer entity, the primary operating system files 314 in the operating 
system back-up area 413 are uncorrupted, irrespective of the status of the 
primary operating system stored in the primary operating system partition 403. 

In step 602, the content of the user settings archive partition 411 is copied 
onto the back-up data storage media. The data in the user settings archive 
partition 41 1 comprises data which describes a way in which a user has set up 
the primary operating system. Therefore backing up the current data in the user 
settings archive partition effectively backs up the current settings of the primary 
operating system which is used to run the computer entity. Therefore in the 
back-up operation to the data storage media, there is backed up firstly a pristine 
copy of the primary operating system, which has not been used operationally in 
the computer entity and therefore remains uncorrupted, and secondly the user 
settings for configuring the primary operating system, which are stored in a 
separate partition on the internal data storage device from both the pristine copy 



30003757 



-12- 

of the operating system files 414, and from the active primary operating system 
stored in the primary operating system system partition 403. 

In step 603, the content of the primary data partition is copied to the back- 
up data storage medium; and in step 604 the content of the secondary data 
partition, comprising a plurality of binary large objects 415 is copied to the back- 
up data storage media. 

Each computer entity stores a license key, authorizing a number of users, 
outside of the data partitions used to store the primary operating system or the 
copy of the primary operating system in the operating system back-up area. 
Therefore, during a back-up operation, there is no need to back-up the license 
key data. Further, the license key data of high license number machine can not 
be backed up onto a different machine, expanding that machines licensed 
capabilities, and hacking of a license key on the back-up data storage medium is 
avoided since the license is not stored on the back-up data storage medium. 

There will now be described operation of the computer entity for recovery of 
an operating system from a back-up data storage media. Under conditions of 
disaster recovery, the back-up data storage media is inserted into the back-up 
data storage device 105. The back-up media contains the backed up contents of 
the operating system back-up area 413, the user settings archive partition 411; 
the primary data partition 408; including the SQL database 409; binary large 
objects 410; and the secondary data partition 402 including further binary large 
objects 415. In other words, the back-up media contains user data, user settings, 
and a pristine copy of the primary operating system. 

Under control of an operator, accessing the computer entity via web 
administration interface 500 and whilst running the primary operating system 300, 
the back-up media restoration utility 501 : 
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• Restores a pristine copy of the operating system, the user settings, and 
data back onto the data storage device of the computer entity. During 
this operation, a previous content of the operating system back-up area 
413 is copied to the reserved space partition 412 to safeguard against 
errors during the recovery from back-up media. 

• Once the operating system, user settings and data are recovered from 
the back-up media, there is initiated a reset operation of the computer 
entity, with data preserved, under control of the user via the web 
administration interface 500 and effected by the primary operating 
system restore utility 502. During the restore operation, control of the 
computer entity is handed over to an emergency operating system. 

During the restoration from the back-up media, checks are made to ensure 
that the operating system on the back-up media is compatible with the hardware 
of the computer entity. During the restoration from back-up media, events are 
copied to an alert log, if errors occur. 

Referring to Fig. 7 herein, there is illustrated process steps carried out for 
recovering backed up data from the back-up data storage media. A user initiates 
the process by accessing the web administration interface from a remote 
computer, and by inserting the back-up data storage media into the back-up data 
storage device 105. The web administration interface, displays a series of 
prompt displays to the user and displays a dialogue box for receiving instructions 
from a remote user interface. In step 701 , the back-up media restore utility 501 
checks the back-up data storage media for a valid primary operating system 
version number. In step 702, the back-up media restore utility reads a list of 
supported hardware types from the back-up data storage media. If, in step 703 a 
current hardware type data stored on the computer entity, is not contained in a 
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list of supported hardware types stored on the back-up data storage media, then 
in step 704, the back-up media restore utility generates a message to the user 
that the operating system stored on the back-up data storage media is 
incompatible with the current computer entity hardware. This may occur where, 
5 for example the computer entity has had to be replaced after theft of an original 
computer entity from which data was backed up onto the back-up data storage 
media, or where components of the computer entity have been replaced, with 
new components which are incompatible with the previous components of the 
computer entity. Provided, in step 703 that the current hardware type of the 
■MO computer entity is on the list of supported hardware types stored on the data 
carrier, then in step 706, the back-up media restore utility 501 generates a 
prompt message to the user to confirm proceeding with the restore operation. 
This message is displayed to the user via the web administration interface 500. If 
the user does not confirm or cancels the restore operation in step 707 then in 
i%s step 708 the back-up data restore utility exits the procedure. However, in step 
if* 709 if the user confirms proceeding with the restoration from the back-up media, 
%! the restore utility displays the name of the computer entity, and the date on which 
the back up media was created. This is to allow a final user confirmation that the 
back up media that they are using is the correct one. In step 710, the user may 
2 o confirm whether the back up media is the correct one, and following a positive 
confirmation in step 710, via the web administration interface, then the utility 
proceeds to restore the operating system from the back up media in step 71 1 . 

Referring to Fig. 8 herein there is illustrated schematically main process 

2 5 steps in a method for restoring the operating system from the back-up media. 

During the recovery from back-up media operation, the primary operating system 
runs the recovery algorithm. The back-up utility being an application running on 
top of the primary operating system. In step 801 , the back-up media restore 
utility 501 freezes any current back-up requests which may be in operation on the 

3 o computer entity, to prevent any further backing up to the data partitions that are 
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about to be overwritten by the restore process. In step 802, the back-up media 
restore utility closes all the data files which are currently open on the computer 
entity. In step 803, a current content of the operating system back-up area 813, 
that is the operating system 414 currently contained in the operating system 
back-up area are copied into the reserved space partition 412. This is to ensure 
that if the back-up procedure fails, and the data within the operating system back- 
up area 413 in corrupted, the original content of the operating system back-up 
area prior to restoration from back-up media, which has been stored in the 
reserve d space partition 402 can be recovered. Therefore, effectively the 
position immediately prior to a failed back-up can be recovered from the pristine 
copy of the operating system stored in the reserved space partition 412. In step 
804, the primary data partition 408 is restored for the data contained on the back- 
up data storage media. In step 805, the second data partition is restored from 
the data stored on the back-up data storage media. Steps 804 and 805 are user 
selectable via the web administration interface 500. A user may wish to restore 
only the operating system, without restoration of data on the computer entity. In 
step 806, the back-up media restore utility copies the operating system from the 
back-up data storage media onto the operating system back-up area 413 and 
loads the primary operating system files 414 which have been backed up onto 
the back-up data storage media onto the operating system back-up area 413. In 
step 807, the user settings are copied from the back-up data storage media to 
the user settings archive partition 411. In step 808, the back-up media restore 
utility 501 initiates a reset with data preserve process as will be described herein 
after, in order to reset the computer entity from the back-up copy operating 
system recovered from the back-up data storage medium. 

Referring to Fig. 9 herein, there is illustrated schematically a procedure 
which runs in parallel with the restoration procedure of Fig. 8, and is activated 
where an error in restoration procedure of Fig. 8 occurs. If an error 900 in the 
restoration procedure occurs in step 900, the pristine copy of the operating 
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system fifes which were copied from the operating system backup area 413 to the 
reserved space partition area 412 in step 803 are copied back to the operating 
system backup area 412, thereby ensuring that a valid operating system is 
contained in the operating system back up area 412, before a re-set with data 
delete procedure is activated. In step 901 a reset with data delete procedure is 
activated, in which the computer entity is reset with deletion of data, which puts 
the computer entity into a known good state, with system data in a known good 
state. In step 902 after performing the reset with data deletion, the utility displays 
an error message on the administration web page, and on the liquid crystal 
display interface, to alert the user that the tape recovery has failed. In step 903, 
the utility prompts, via the web administration interface, the user to retry data 
recovery with another, different tape set. 

In a case of a restore from back-up media where a known digital data 
storage (DDS-4) autoloader is used, where a plurality of tape data storage media 
are loaded into a plurality of slots in an autoloader device, the back-up media 
restore utility 501 should automatically load the correct back-up tapes in the 
correct order. Therefore, in a case where a user has replaced the tapes in a slot 
magazine of an autoloader in the wrong order, and so the back-up media restore 
utility 501 can not assume that the first tape in a set of tapes is in a first slot in a 
set of slots and the second tape is in the second slot etc., an algorithm 
comprising the back-up media restore utility checks which tape is in which slot 
and loads data from the tapes in the correct order. 

Referring to Fig. 10 herein, there are illustrated process steps for carrying 
out a RESET with data preserved operation 1000. During the rebuild of the 
primary operating system, the computer entity runs under control of the 
emergency operating system. In step 1001 the emergency operating system is 
started, either by a failsafe BIOS, or by the installation component 1002 forcing 
the emergency operating system to boot from the emergency operating system 



30003757 



-17- 

boot partition 307. In step 1002, the emergency operating system successfully 
booting results in an automatic reset of a BIOS boot counter, in step 1003, there 
is displayed an "initializing operating system rebuild\update" message on the 
liquid crystal display 103. In step 1004, a primary operating system restore utility 
502 is started, in step 1005, the primary operating system restore utility 502 
detects that restore of the primary operating system with preserve of data is to be 
effected due to a "RESET with user data deletion" flag being read. If the flag is 
not set, then the reset with data preserve operation is effected. In step 1006, the 
primary operating system restore utility 1003 overrides the primary operating 
system boot partition 406 and the primary operating system system partition 403 
using the content of the operating system back-up area 41 3 as it's source. Since 
the content of the operating system back-up area has been loaded with a pristine 
copy of the primary operating, this effectively overwrites the primary operating 
system system partition 403 and primary operating system boot partition 406 with 
the new version primary operating system which had been loaded in from the 
data earner. In step 1007, the primary operating system utility 502 sets an 
"system reset: restore user settings" flag. In step 1008, it is checked whether the 
"manual reset' flag is set, and if so, then the primary operating system restore 
utility 502 sets a "system reset: manual initiation" flag and then clears the 
"manual reset flag. In step 1010, the reboot is activated by the primary operating 
system restore utility 502 activating an automatic reboot to the primary operating 
system, from the primary operating system boot partition 406, which sets a new 
system identification (SID). After the system identification is set, network 
provisioning component 503 restores network settings and network system 
names from the user settings archive partition 411. Use of a new 
SQLBOOT.DLL file avoids problems due to changing the system name. 
Performing an automatic reboot enables network settings to be restored in step 
1014. In step 1015, the "system reset: restore user setting" flag is checked. If 
the flag is set, then in step 1017 there is attempted a restore of client user 
account information, application configuration settings, and administration 
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name\password from the user settings archive data stored in the user settings 
archive partition 411. if the archive signature is incorrect in step 1018, then the 
user\configu ration settings should be set back to default values in step 1019 and 
an alert should be logged to this failure in step 1021 based upon the settings of 
the special flags. In step 1022 all special flags are cleared and in step 1023, the 
primary operating system restore utility 502 automatically reapplies any "hot fix" 
patches which are stored in the operating system back-up area 413. 

Referring to Fig. 11 herein there is illustrated schematically process steps 
for a version control which checks for valid operating system version. In step 
1100 the back-up media restore utility 501 checks the operating system major 
version number from the operating system version on the back up media. In step 
1101, there is checked an operating system minor version number from the 
operating system version stored on the back up media. In step 1102, primary 
operating system version settings read from the back-up media are stored in the 
user settings archive partition 411. depending upon the results of steps 1100 to 
1102. 

The version control operates to ensure that incompatible primary operating 
system updates are not applied to the computer entity. The primary operating 
system version numbering scheme uses a major version and a minor version 
number, for example in the format XX.YY as follows: The primary operating 
system major version number (XX) is incremented when a new primary operating 
system build has: 

• major changes to user data structure such that automatic data upgrade 
functionality is not supported, for example moving from SQL server version 7 
to version 8; or 
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• has hardware dependencies that are not compatible with an existing 
hardware type of the computer entity. 

Each major version number will have a list of supported computer entity 
5 hardware types on which that operating system version will run. 

A primary operating system minor version number is incremented when a 
new primary operating system build has any of: 

• additional functionality (that is it is compatible with a major revision supported 
hardware type); 

• has changed a base operating system to a new, but still compatible version, 
for example moving from Microsoft NT4 to Microsoft Windows 2000®; 

• has patches for bug fixes; 

• has updates to device drivers which are backwards compatible with all 
variants of a major revision supported hardware types; 

20 

Updates to a primary operating system which is incompatible with a 
hardware type of the computer entity to which loading is attempted are prevented 
by means of a hardware type number. The hardware type number is stored in a 
capacity license "raw disk" sector of the data storage device of the computer 

2 5 entity. This hardware type number is read in step 702. Hardware types include 

different types of computer entity, for example which have different data storage 
capacities or different application functionality. Hardware components within a 
particular hardware type can be changed without changing the hardware type 
number so long as they perform exactly the same function, that is for example 

3 o changing one CD ROM reader device for another CD ROM reader device. This 
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means that a current Hardware type must be stored during a back-up operation 
on back-up tape device 105 to ensure that the back-up tape can only be restored 
onto the same type of hardware on which the back-up was created. The 
hardware type data read from the raw disk sector is compared with the supported 
hardware types of the operating systems stored on the data carrier in step 703. 

By applying a version control in the restore procedure, it is ensured that 
the computer entity can not be downgraded in operating system to an earlier 
operating system version. Further, if a later version computer entity hardware 
replaces a previous version computer entity, then the operating system 
corresponding to the latest version computer entity and not overwritten by an 
earlier operating system version corresponding to an earlier version computer 
entity. For example where a computer entity using operating system version 1.0 
is damaged irreparably, or stolen, and it is required to restore from a back-up 
data storage medium, onto a new version computer entity, where the new version 
computer entity is designed to operate with a later version op, e.g. version 1.1 or 
above, then version control prevents the new computer entity being loaded with 
the back-up operating system version 1.0. The operating system back-up area 
on the new computer entity containing a more recent operating system version, 
e.g. 1.0 or above, can not be overwritten by the back-up operating system version 
1 .0. Therefore, operating system downgrades are prohibited. 

If, during a restore with data preserve operation, there is detected an 
earlier operating system version data, e.g. data written in back-up operating 
system version 1.0, but the computer entity is a new entity having a later 
operating system version, e.g. version 1.1 or above, then the later minor version 
incremented operating system stored on the operating system back-up area of 
the computer entity automatically upgrades the data recovered from the back-up 
data storage medium to the new operating system minor version upgrade. 
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Therefore, it is always ensured that after a recovery from back-up data storage 
medium, the latest version operating system within the computer entity it used. 

Referring to Fig. 12 herein, there is illustrated schematically a process 
1200 followed for checking an operating system version stored on the back-up 
data storage media. The operating system stored on the back-up data storage 
media is only restored to the operating system back-up area partition 413, if the 
version stored on the back-up data storage media is an equal or greater version 
of operating system than is already stored on the computer entity. In step 1201, 
the major and minor version numbers of the operating system are read from the 
operating system stored on the back-up media. In step 1202, if the major version 
number of the primary operating system stored on the back-up media (back-up 
POS major version) is equal to the major version of the current primary operating 
system stored on the computer entity (current POS major version), then in step 
1203, the minor versions are checked. In step 1203, if the minor version of the 
operating system stored on the back-up data storage media is less than or equal 
to the current primary operating system minor version stored on the computer 
entity (current POS minor version), then step 806 is skipped, so that the 
operating system files on the back-up data storage medium are not restored to 
the operating system back up area on the computer entity, thereby avoiding a 
minor operating system version downgrade. If any other operating system 
version combination is detected, then in step 806 the operating system version 
stored on the back-up data storage media is restored to the operating system 
back-up area 413 stored on the computer entity, so that the operating system 
version on the computer entity matches that on the back-up data storage media. 



